18 matches found
WordPress Himer theme < 2.1.1 - Arbitrary Group Joining via CSRF vulnerability
Arbitrary Group Joining via CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...
WordPress Himer theme < 2.1.3 - CSRF While Sending the Invites
CSRF While Sending the Invites vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.3...
WordPress Himer theme < 2.1.1 - Bypass Poll Voting Restrictions via CSRF vulnerability
Bypass Poll Voting Restrictions via CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...
CVE-2024-2235
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack...
WordPress Himer theme < 2.1.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Theme Himer versions 2.1.1...
WordPress Himer theme < 2.1.1 - Multiple CSRF vulnerability
Multiple CSRF vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...
CVE-2024-2235
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack...
CVE-2024-2040
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...
WordPress theme Himer cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Himer versions prior to 2.1....
WordPress theme Himer security vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Himer versions prior to 2.1.1, which ste...
WordPress Himer Theme < 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Himer; Type: Theme; Vulnerable versions: 2.1.1; Fixed in: 2.1.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2233; Patch priority: Low; CVSS severity: Low (5.4); PSID: 655236f18e54; Credits: Sushmita Poudel; Required privileg...
PT-2024-18659 · Himer · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue is related to the lack of CSRF checks in certain areas, which could allow attackers to make users join private groups via a CSRF attack. Recommendations: For versions prior ...
PT-2024-19350 · WordPress · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns the lack of sanitization and escaping of certain Post settings, potentially allowing high-privilege users, such as Contributors, to perform Stored Cross-Site...
WordPress Himer Theme < 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Himer; Type: Theme; Vulnerable versions: 2.1.1; Fixed in: 2.1.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2234; Patch priority: Low; CVSS severity: Low (6.5); PSID: acb8e6a0fd0f; Credits: Bob Matyas; Required privilege: Contributor; Published ...
PT-2024-19343 · Himer · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns the lack of CSRF checks in certain areas, allowing attackers to perform unwanted actions on logged-in users through CSRF attacks. This includes actions such as...
WordPress theme Himer Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Himer versions prior t...
WPQA < 5.9.3 - Missing validation lead to functionality abuse
The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. PoC...
Exploit for Cross-site Scripting in 2Code Wpqa_Builder
CVE-2022-1597 The plugin, used as a companion for the Discy a...